—
Ian Jackson
Principal System Administrator
REN-ISAC
ianj...@ren-isac.net
https://www.ren-isac.net
FC12 8329 B73D 0292 6AE9 7D36 A6EC F996 7BEC 92

> On Jun 22, 2017, at 4:53 PM, Chris Lamb <la...@debian.org> wrote:
>
> Signed PGP part
> Package : openvpn
> Version : 2.2.1-8+deb7u5
> CVE ID : CVE-2017-7520
> Debian Bug : #865480
>
> It was discovered that there were multiple out-of-bounds memory read
> vulnerabilities in openvpn, a popular virtual private network (VPN) daemon.
>
> If clients used a HTTP proxy with NTLM authentication, a man-in-the-middle
> attacker could cause the client to crash or disclose at most 96 bytes of stack
> memory, likely to contain the proxy password.
>
> For Debian 7 "Wheezy", this issue has been fixed in openvpn version
> 2.2.1-8+deb7u5.
>
> We recommend that you upgrade your openvpn packages.
>
>
> Regards,
>
> --
> ,''`.
> : :' : Chris Lamb, Debian Project Leader
> `. `'` la...@debian.org / chris-lamb.co.uk
> `-